On Wed, Oct 18, 2000 at 09:59:36AM +0200, Fredrik Rambris wrote: > Add a loopback interface and set the limit there. Local access to the > machine should not be limited. Like this: This is not the right way to go about it. > +--------------+ +-------------+ +-------------------+ > Internet-<128kbit< Eth1 |-| Lo1 >128kbit>-| Proxy <-100MBit-> |-LAN > +--------------+ +-------------+ +-------------------+ > > So only trafic to and from Internet would be limited. Trafic to an from > the LAN would be 100MBit. > > Is this possible?! Or is there another better solution to get the same > result? Mark packets coming in over the internet with either ipchains or netfilter. This needs 'shape on fwmark' or something like that enabled in the kernel configuration. If the packets traverse your router untouched (ie, don't go via the proxy), the mark will remain on them. Then you shape outgoing packets in eth0 that have this mark on them, and don't shape other packets. Regards, bert hubert -- PowerDNS Versatile DNS Services Trilab The Technology People 'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet
